The
Committee received a report which covered the update of the
Strategic Risk Register in its proposed new format, which was still
at an embryonic stage and included risk and risk appetite scores
that were still subject to review.
The format of the Risk Register
had not been updated for some time. Following the debate at
Governance and Audit Committee in January 2017, the Head of Audit
and Risk Management had undertaken research into different risk
register formats and different ways of recording risks. CMT had
approved the new approach which was still a work in
process.
The new register consisted of a
one page summary for each risk. It included risk ratings for
unmitigated risk, current residual risk and the risk appetite and
tracked all three of these ratings over a number of quarters in
order to present the history and trends of the risk. The register
also included a RAG status for each risk, an overview of the
current actions being under taken and details of further mitigation
of what more should be done in order to reduce the risk rating down
to the risk appetite level.
As a result of Members’
comments and questions, the following points were made:
- The format
of the new risk register was a significant improvement from the old
register and enhanced the displaying of the risk information. It
was clearer and a helpful and much needed step forward.
- Risk 2 was
not yet a trend, nor yet a massive cause for concern as the rating
had only increase for one quarter. The issue was that as there were
so many complex transformation programmes ongoing at the same time
there was a risk of disconnect across the programme, which needed
to be managed by the Transformation Board.
- Where the
level of risk matched the risk appetite for two or more quarters
consideration would be given to removing them from the Strategic
Risk Register. The removal of the risk would be discussed with CMT
and the Risk Management Group. The Head of Audit and Risk
Management stated that careful consideration wouold be needed before removing some of the risks
from the strategic risk register, such as they cyber risk, given
the recent national cyber attacks.
- Risk 12 was
a difficult risk to manage as many of the factors were out of the
control of the council, but there would be a significant, negative
impact on the Council’s reputation if an incident were to
occur. The risk would probably never reach the appetite
level.
- The OFSTED
report would be released in a few weeks time and would help inform
the rating and mitigations for risk 12.
- The risk
which had been removed relating to the loss of key staff
wasn’t just in relation to staff leaving the organisation or
retiring. It was related to the loss of staff in key positions and
at key levels and the way the organisation had to operate and keep
moving forward often without replacing the staff. This was a risk
that could be managed as the Council had to accept the likelihood
of losing staff members at this time of change.
- An example
of staff change was CMT which had been very stable for some time
but had changed by 50% over the last year. It was felt that the transition had been managed
very well.
- Risks that
were removed from the Strategic Risk Register would continue to be
monitored through Directorate Risk Registers or Programme Risk
Registers, if they were flagged as a concern they would be brought
back onto the Corporate Risk Register.
- The cause
for the change in risk ratings would be picked up in the rationale
for the risk.
- The new
register was much better for reporting as it read like a
dashboard.
- Risks were identified through
departmental risk registers, if there were concerns these were
flagged and monitored by the Risk Management Group and CMT, who
would debate and challenge the risks. CMT would share current
developments, challenges and highlight issues at their weekly CMT
meeting.
- The
Director Children, Young People and Learning was keeping a close
eye on Risk 9 due to the rise in demand to determine whether this
was temporary blip or a more permanent issue.
RESOLVED
that:
- the
Committee provide feedback on the new format and completeness of
risks and scores in the re-formatted Strategic Risk Register
attached at Appendices 1 including risk appetite.
- the Committee
provide feedback on the proposal to remove risks that have been
mitigated down to the risk appetite level for two or more
consecutive quarters.